ajohnson wrote:No, that wasn't what I was getting at. Passing the GSE written every four years will renew ALL of your GIAC certs. Otherwise, he'd have to renew each one individually, which would be insane with that many.

I would think it would renew all the certs you took to pass the GSE. Renewing all GIAC certs doesn't seem to make much sense, unless the GSE exam is customized to include questions from every GIAC cert you have.

Chapter 1: IntroductionIf you have not programmed in Python before, Chapter One provides background information about the language, variables, data types, functions, iteration, selection, and working with modules, and methodically walks through writing a few simple programs. Feel free to skip it if you are already comfortable with the Python programming language. After the first chapter, the following six chapters are fairly independent from one another; feel free to read them in whichever order you please, according to what strikes your curiosity.

Chapter 2: Penetration Testing with PythonChapter Two introduces the idea of using the Python programming language to script attacks for penetration testing. The examples in the chapter include building a port scanner, constructing an SSH botnet, mass-compromising via FTP, replicating Conficker, and writing an exploit.

Chapter 6: Web Recon With PythonChapter Six examines using Python to scrape the web for information. The examples in this chapter include anonymously browsing the web via Python, working with developer APIs, scraping popular social media sites, and creating a spear-phishing email.

Chapter 7: Antivirus Evasion with PythonIn the Final chapter, Chapter Seven, we build a piece of malware that evades antivirus systems. Additionally, we build a script for uploading our malware against an online antivirus scanner.

ajohnson wrote:No, that wasn't what I was getting at. Passing the GSE written every four years will renew ALL of your GIAC certs. Otherwise, he'd have to renew each one individually, which would be insane with that many.

I would think it would renew all the certs you took to pass the GSE. Renewing all GIAC certs doesn't seem to make much sense, unless the GSE exam is customized to include questions from every GIAC cert you have.

It's the same type of deal with the CISSP. My OSCP didn't refresh that material, but I was still able to apply the CPEs towards maintaining that certification. The renewal process usually just requires relevant continuing education, and if you're keeping up with GSE-level material, you're clearly doing so.

And honestly, they needed a practical way to maintain certifications for people who have a higher number. Otherwise, they'll end up in a position where they're having to pay a fee, take an exam, and/or write a paper every few months. That's just not feasible.

Last edited by dynamik on Thu Oct 18, 2012 1:54 pm, edited 1 time in total.

I just got the book and read a little of it. The AV Evasion chapter was disappointing. The only thing that was done to evade AV was to run msfpayload, paste the shellcode into a basic template python script, and compile it. No encoding, obfuscating, or anything what so ever. Just compiling shellcode msfpayload generated... not even msfencode was used.

The little bit of the forensics chapter I read was decent for a beginner. An entire book could probably be written on most, if not each chapter, so I guess it has to be somewhat general.

Eleven wrote:I just got the book and read a little of it. The AV Evasion chapter was disappointing. The only thing that was done to evade AV was to run msfpayload, paste the shellcode into a basic template python script, and compile it. No encoding, obfuscating, or anything what so ever. Just compiling shellcode msfpayload generated... not even msfencode was used.

Still, if you weren't aware you could do that before, it's certainly a nice piece of info to pick up. Attacks don't always have to be sexy or complicated.

Eleven wrote:The little bit of the forensics chapter I read was decent for a beginner. An entire book could probably be written on most, if not each chapter, so I guess it has to be somewhat general.

Right, you'll find SecurityTube's SPSE is like that too. What I've found to be important is that a resource provides you with a solid foundation and direction for future growth. Once you have the building blocks, you can usually get where you want to go on your own.

@ajohnson Yeah, it's like creating a chapter on NIDS evasion and just running fragrouter and calling it a day... I didn't learn anything on AV evasion other than AV sucks even more than I thought. I mean jeez, he went from being detected by 10/14 AV vendors, to 0 just by compiling it as an .exe using Python? Are other people that successful with this technique? I'm watching the video now, thanks.

Last edited by Eleven on Fri Nov 16, 2012 12:53 pm, edited 1 time in total.